GHSA-69q2-p9xp-739v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-69q2-p9xp-739v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-69q2-p9xp-739v/GHSA-69q2-p9xp-739v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-69q2-p9xp-739v
- Aliases
- Withdrawn
- 2024-10-09T20:47:08Z
- Published
- 2021-04-20T16:32:08Z
- Modified
- 2024-11-29T05:40:28.628319Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Duplicate Advisory: XML Injection in petl
- Details
-
Duplicate Advisory
This advisoerey has been withdrawn because it is a duplicate of GHSA-f5gc-p5m3-v347. This link is maintained to preserve external references.
Original Description
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
- Database specific
{ "nvd_published_at": "2020-11-26T05:15:00Z", "cwe_ids": [ "CWE-91" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-04-13T19:20:39Z" }- References
-
- https://github.com/petl-developers/petl/security/advisories/GHSA-f5gc-p5m3-v347
- https://nvd.nist.gov/vuln/detail/CVE-2020-29128
- https://github.com/petl-developers/petl/issues/526
- https://github.com/petl-developers/petl/pull/527
- https://github.com/petl-developers/petl/commit/07420ef8463cc387aea84e2d6241cf556574e2a5
- https://github.com/nvn1729/advisories/blob/master/cve-2020-29128.md
- https://github.com/petl-developers/petl
- https://github.com/petl-developers/petl/compare/v1.6.7...v1.6.8
- https://github.com/pypa/advisory-database/tree/main/vulns/petl/PYSEC-2020-75.yaml
- https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
- https://petl.readthedocs.io/en/stable/changes.html
Affected packages
PyPI / petl
Package
- Name
- petl
- View open source insights on deps.dev
- Purl
- pkg:pypi/petl
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.8
Affected versions
0.*
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
0.10
0.10.1
0.10.2
0.11
0.11.1
0.12
0.13
0.13.1
0.14
0.15
0.16
0.16.1
0.16.2
0.17
0.17.1
0.18
0.18.1
0.19
0.20
0.21
0.21.2
0.22
0.22.1
0.23
0.24
0.24.1
0.24.2
0.24.3
0.25
0.25.1
0.25.2
0.25.3
0.26
1.*
1.0.0-alpha1
1.0.0a2
1.0.0a3
1.0.0b1
1.0.0b2
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.1.0
1.1.1
1.2.0
1.3.0rc3
1.3.0
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7